Patch Tuesday, April 2025 Edition Krebs on SecurityBrianKrebs
April 8, 2025

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven …


Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw The Hacker [email protected] (The Hacker News)
April 8, 2025

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS …


Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw The Hacker [email protected] (The Hacker News)
April 8, 2025

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS …


Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal The Hacker [email protected] (The Hacker News)
April 8, 2025

Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege …


Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings The Hacker [email protected] (The Hacker News)
April 8, 2025

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate …


Agentic AI in the SOC – Dawn of Autonomous Alert Triage The Hacker [email protected] (The Hacker News)
April 8, 2025

Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial …


UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine The Hacker [email protected] (The Hacker News)
April 8, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law enforcement …


CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation The Hacker [email protected] (The Hacker News)
April 8, 2025

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged …


Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities The Hacker [email protected] (The Hacker News)
April 7, 2025

Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-53150 (CVSS score: 7.8) - An …


CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks The Hacker [email protected] (The Hacker News)
April 7, 2025

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted …